Fit for Purpose: Introducing data mapping for a healthier NHS
Gemma Platt, managing executive for Vigilant Software, explores the challenges of data-sharing in the NHS and how data mapping could provide much needed clarity and better GDPR compliance
There is an overwhelming amount of data collected and stored in the NHS. On one hand, it can be an incredibly useful indicator about the effectiveness of service delivery, helping to inform future health programmes and improve diagnoses and treatment. However, the abundance of information could present a very real threat to security and compliance if it is not monitored and managed appropriately.
Public confidence in data-sharing has been tested in recent years by several high-profile breaches. In 2017, the global WannaCry ransomware attack led to nearly 20,000 cancelled hospital appointments in the UK. The Department of Health and Social Care (DHSC) estimates the incident cost the NHS £92m in direct costs and lost output as a result of disruption to services. This doesn’t factor in the penalties that could have been levied under the GDPR, or the class action lawsuits from patients that could have followed.
The NHS is such a rich target for cybercriminals because it continues to rely on older technologies and operating systems, leaving it susceptible to attack. Earlier this year it was revealed that the NHS is still a major purchaser of fax machines, which have long been redundant in the private sector. Given that the organisation is so sprawling and complex – and driven by the need to be cost-effective – it isn’t always possible to run the latest next-generation security tools, or to integrate the different moving parts in the most secure way.
What is certain is that the NHS would be unable to cope with enormous payouts or fines in the aftermath of a serious incident. Could a severe cyberattack or data breach ultimately bring an end to free healthcare?
Mitigating risk with data mapping
Despite apprehensions around information security and compliance, the public still has faith in NHS organisations to manage patient data, and there is still strong support for information being shared to improve patient care and research. It’s therefore imperative that the NHS has a handle on what data is being stored, how it is used and what protection is in place to keep it secure.
Data mapping is about creating a visual overview of all the data collected and stored by an organisation, providing an insight into the potential risks associated with each data type and location. It doesn’t rely on data sources being exclusively available online, so it can account for the paper-based processes that are still inherent within the NHS.
There are several considerations that organisations need to be mindful of before embarking on data flow mapping. Personal data can reside in a number of locations and be stored in various formats: paper, electronic and audio. The first step is to decide what information needs to be recorded, and in what format. Next, the organisation needs to identify what type of security measure – and the policy and procedures for its use – needs to be introduced, while also defining who controls access to it. The final challenge is to understand what the organisation’s legal and regulatory obligations are; these may include compliance standards such as the PCI DSS and ISO 27001, as well as the GDPR.
The steps to data mapping
Once there is an understanding of the data that is being recorded, where it’s stored and how it is being protected, the NHS can begin to chart the data flow. First you need to familiarise yourself with how and where the data moves in and outside the organisation.
Next, identify what kind of data is being processed (names, addresses, emails) and in what format it is stored: is it hardcopy or digital? How is the data collected (through the post, by telephone, by email), and how is it shared, both internally and externally? Which locations are involved in the data flow, and who is accountable?
Asking this series of questions allows technicians to see how information is being used, and hopefully to foresee any inappropriate or unintended use of the data. It also demonstrates due diligence in information security and compliance, in accordance with the GDPR.
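One way to turn the questions above into a register that can be checked, as an added example that is not from the article or from Vigilant Software: each data flow is recorded with the answers the article asks for (data type, format, collection channel, recipients, locations, accountable owner, security measures), and a review pass flags the gaps a reviewer would want closed before the map is signed off. The field names, the set of personal data types and the sample flows are constructed for the example.

```python
from dataclasses import dataclass, field

# Assumption: which recorded data types count as personal data for these checks.
PERSONAL_TYPES = {"name", "address", "email", "medical record"}

@dataclass
class DataFlow:
    """One row of the data flow register: the answers to the article's questions."""
    name: str
    data_types: set          # what is processed, e.g. {"name", "email"}
    fmt: str                 # "paper", "electronic" or "audio"
    collected_via: str       # "post", "telephone", "email", ...
    shared_with: list        # recipients, internal or external
    locations: list          # where copies are held
    owner: str               # accountable person; "" if nobody is named
    controls: set = field(default_factory=set)  # e.g. {"access control", "lawful basis"}
    external: bool = False   # True if any recipient is outside the organisation

def review_flow(flow: DataFlow) -> list:
    """Return the gaps found in one flow; an empty list means none were found."""
    findings = []
    personal = flow.data_types & PERSONAL_TYPES
    if not flow.owner:
        findings.append("no accountable owner named")
    if personal and not flow.controls:
        findings.append("personal data with no security measure recorded")
    if personal and flow.external and "lawful basis" not in flow.controls:
        findings.append("personal data shared externally without a recorded lawful basis")
    if flow.fmt == "paper" and "access control" not in flow.controls:
        findings.append("paper record without access control")
    if not flow.locations:
        findings.append("no storage location recorded")
    return findings

def review_register(flows) -> dict:
    """Map each flow's name to its findings, keeping only flows that have gaps."""
    return {f.name: fs for f in flows if (fs := review_flow(f))}

# Constructed sample register: one well-documented flow and one with gaps.
REGISTER = [
    DataFlow("referral letters", {"name", "address", "medical record"}, "paper", "post",
             ["outpatients"], ["clinic filing room"], "clinic manager", {"access control"}),
    DataFlow("patient survey", {"email"}, "electronic", "email",
             ["research partner"], ["survey server"], "", set(), external=True),
]

if __name__ == "__main__":
    for name, findings in review_register(REGISTER).items():
        print(f"{name}: " + "; ".join(findings))
```

The checks are deliberately simple; the point is that once the answers are recorded in a fixed shape, missing owners, controls and locations become mechanical to find rather than something spotted by chance.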
We all know the value of data, and we’d be wise not to underestimate the challenge it presents for security and compliance. By having complete visibility and granularity on what information is available across an entire organisation, data processors can recognise threats earlier and mitigate risks before any damage can be done.
Data de-identification - why it matters in healthcare
Large amounts of healthcare data are generated yet go unused due to privacy concerns. To address this, data privacy firm TripleBlind has created Blind De-identification, a new approach that allows healthcare organisations to use patient data while eliminating the possibility of the user learning anything about the patient’s identity.
We asked Riddhiman Das, co-founder and CEO of TripleBlind, to tell us more about data de-identification.
Why is data de-identification important in healthcare?
Blind De-identification allows every attribute of any given dataset to be used, even at an individual level, while being compliant with privacy laws, rules, and regulations by default.
Governments around the world are adopting global data privacy and residency laws like GDPR, which prohibit citizens’ personally identifiable information data from leaving the borders of the country. While great for data protection, data residency laws result in global silos of inaccessible data. TripleBlind allows computations to be done on enterprise-wide global data, while enforcing data residency regulations.
In the US, HIPAA compliance has relied on what is called the Safe Harbor method, which requires removing 18 types of personal patient identifiers like names, email addresses, and medical record numbers. The Safe Harbor method can be too restrictive with the data or can leave too many indirect identifiers, which puts patient data security at risk. Getting de-identification wrong could make an organisation liable for a costly mistake.
What does TripleBlind's solution do?
With TripleBlind, data is legally de-identified in real time with practically 0% probability of re-identification. Our solution allows analytics on data containing personally identifiable information and protected health information with zero possibility of re-identifying an individual from the dataset. This allows healthcare organisations to access more meaningful data, creating more accurate and less biased results.
For example, a healthcare drug researcher in a rural, predominantly white area, would only have patient data that would reflect their local population. With TripleBlind’s de-identification, they could more easily leverage third-party data from another healthcare facility in a more diverse region, creating a more complete data set that more accurately reflects the larger population. This has the possibility to create more accurate diagnoses and better drug results for more diverse populations.
How can healthcare organisations use this in practice?
TripleBlind is blind to all data and algorithms. That means we never take possession of customer data. We only route traffic between entities, enforce permissions, and provide audit trails. The enterprise’s data remains under their control. TripleBlind does not host, copy or control their data, algorithms or other information assets, ever.
We facilitate a connection to an encrypted version of their information assets. Our technology allows the algorithms and data to interact in an encrypted space that only exists for the duration of the operation. Organisations use their existing infrastructure, so it’s not hardware dependent.
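The Safe Harbor trade-off described in the interview, as an added example that is not TripleBlind's code or part of the interview: a simplified Safe Harbor-style pass that removes only the direct identifiers named above (names, email addresses, medical record numbers), keeps just the year of dates and the 3-digit ZIP prefix, and then counts how many records share each combination of the remaining quasi-identifiers, so that a record that is still unique after the pass is flagged. The records, field names and the choice of quasi-identifiers are constructed for the example.

```python
from collections import Counter

# The three direct identifiers the interview names; Safe Harbor lists 18 in total.
DIRECT_IDENTIFIERS = {"name", "email", "mrn"}
DATE_FIELDS = {"dob", "admitted"}       # assumption: values are ISO dates, YYYY-MM-DD
QUASI_IDENTIFIERS = ("dob_year", "sex", "zip3")

def safe_harbor(record: dict) -> dict:
    """Drop direct identifiers, keep only the year of dates and the 3-digit ZIP prefix."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue
        if key in DATE_FIELDS:
            out[key + "_year"] = int(value[:4])
        elif key == "zip":
            out["zip3"] = value[:3]   # assumption: the prefix is permitted for this area
        else:
            out[key] = value
    return out

def class_sizes(records, quasi=QUASI_IDENTIFIERS) -> list:
    """For each record, how many records share its quasi-identifier values (1 = unique)."""
    keys = [tuple(r.get(q) for q in quasi) for r in records]
    groups = Counter(keys)
    return [groups[k] for k in keys]

def deidentify(records, k=2):
    """Apply the Safe Harbor pass and flag records whose class size is below k."""
    deid = [safe_harbor(r) for r in records]
    sizes = class_sizes(deid)
    risky = [i for i, n in enumerate(sizes) if n < k]
    return deid, risky

# Constructed sample: two similar patients and one who stays unique after the pass.
RAW = [
    {"name": "A. Patel", "email": "a@example.org", "mrn": "1001", "dob": "1974-03-12",
     "sex": "F", "zip": "30301", "diagnosis": "asthma"},
    {"name": "B. Jones", "email": "b@example.org", "mrn": "1002", "dob": "1974-11-02",
     "sex": "F", "zip": "30309", "diagnosis": "asthma"},
    {"name": "C. Okafor", "email": "c@example.org", "mrn": "1003", "dob": "1931-07-30",
     "sex": "M", "zip": "30501", "diagnosis": "diabetes"},
]

if __name__ == "__main__":
    records, risky = deidentify(RAW)
    for i in risky:
        print("still unique after Safe Harbor:", records[i])
```

The third record illustrates the interviewee's point: every direct identifier is gone, yet year of birth, sex and ZIP prefix together still single out one person in this dataset.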